Jump to content
Latest News: (loading..)
andy_1984

Europe Cookie Laws

Recommended Posts

What is your idea on how osCommerce shopkeepers should handle this?

Edited by burt

This is a signature that appears on all my posts.  
IF YOU MAKE A POST REQUESTING HELP...please state the exact version
of osCommerce that you are using. THANKS

 
Get the latest current code (community-supported responsive 2.3.4.1BS Edge) here

 

Share this post


Link to post
Share on other sites

What is your idea on how osCommerce shopkeepers should handle this?

 

ive been thinking about a less painless way since hearing about it last night.

 

removing the need for cookies completely and using sessions instead is one option

 

the other (for people who need to use cookies) will need to ask the European users permission when first accessing the website. rough example:

 

this website requires the use of cookies but due to new European law we must ask for your permission to store cookies on your computer. do you wish to enable cookies. selecting no will prevent you from using the site properly and may effect your shopping etc etc. (yes / no button here)

 

obviously there would need to be a rewrite of the cookie functions to accommodate this permission request but i havnt got that far yet

Edited by andy_1984

Share this post


Link to post
Share on other sites

the law been created by person without any knowledge of web or PC...


Please read this line: Do you want to find all the answers to your questions? click here. As for contribution database it's located here!

8 people out of 10 don't bother to read installation manuals. I can recommend: if you can't read the installation manual, don't bother to install any contribution yourself.

Before installing contribution or editing/updating/deleting any files, do the full backup, it will save to you & everyone here on the forum time to fix your issues.

Any issues with oscommerce, I am here to help you.

Share this post


Link to post
Share on other sites

As this is now coming into effect, does anyone have any ideas on how to actually deal with this STUPID situation?

 

According to the EU we have only 3 weeks to deal with this! Here in the UK it seems that we might have a 12 month grace period due to the fact that the responsible minister appreciates that we need time to come up with solutions.

 

I have v2.2 RC2a sites so a suitable solution would be appreciated :)

 

Paul.

Share this post


Link to post
Share on other sites

Cookies for site functionality are fine. Are there any un-needed cookies in your site?

 

http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/cookie_rules_prepare.aspx (PDF file)


This is a signature that appears on all my posts.  
IF YOU MAKE A POST REQUESTING HELP...please state the exact version
of osCommerce that you are using. THANKS

 
Get the latest current code (community-supported responsive 2.3.4.1BS Edge) here

 

Share this post


Link to post
Share on other sites

Cookies for site functionality are fine. Are there any un-needed cookies in your site?

 

http://www.ico.gov.u...es_prepare.aspx (PDF file)

 

Thank you for the quick response.

 

I have d/l and read the PDF. As a 'layman' most of it is gobledygook to me. I have absolutely no idea what cookies osC uses and, if it does, whether or not they fall foul of this nonsense.

 

I suspect I am not alone in that I managed to sort out a domain and hosting, spent months 'tweaking' osC with add-ons but only because of the instructions that came with them and the help of this forum. 'Coding PHP/HTML' is a foreign art that I do not have. Consequently, adding add-ons is a challenge. As far as understanding cookies - ????.

 

If it is not too much to ask, could someone help me, and others like me, by suggesting what we need to do to comply with this nonsense?

Share this post


Link to post
Share on other sites

In my opinion every cookie set by osCommerce is critical to the function of osCommerce, hence you need do nothing to comply.


This is a signature that appears on all my posts.  
IF YOU MAKE A POST REQUESTING HELP...please state the exact version
of osCommerce that you are using. THANKS

 
Get the latest current code (community-supported responsive 2.3.4.1BS Edge) here

 

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites

It seems its more aimed at sites setting 3 party cookies

 

In my opinion every cookie set by osCommerce is critical to the function of osCommerce, hence you need do nothing to comply.

 

So a simple statement in Privacy stating that "no 3rd party cookies are used and any cookies created are for the sole purpose of, and essential to, the function of the site" should suffice?

 

If that is the case then I am even more impressed by osC :)

Share this post


Link to post
Share on other sites

This wonderful line is in your cookie_usage.php (it shows when customers have their browser set not to accept cookies and your store is set to force cookie use)

 

"Cookies must be enabled to purchase online on this store to embrace privacy and security related issues regarding your visit to this site.

 

By enabling cookie support on your browser, the communication between you and this site is strengthened to be certain it is you who are making transactions on your own behalf, and to prevent leakage of your privacy information."

 

osC cookies are not the tracking cookies that the EU are getting concerned about

Share this post


Link to post
Share on other sites

I have just received an email from the ICO office with a link to the PDF that is already listed in this forum. After having read this forum and the email, di i take it that oscommerc does not use cookies apart from those needed to complete a service requested by a customer ie to complete an order and send it.

 

If that is the case, it looks as if nothing need to be done. I am not too hot on programming, so dont fully understand what oscommerce does with cookies.


REMEMBER BACKUP, BACKUP AND BACKUP

Before installing the official version of oscommerce first look at a responsive version here

It's very easy to over complicate what are simple things in life

Share this post


Link to post
Share on other sites

I have just received an email from the ICO office with a link to the PDF that is already listed in this forum. After having read this forum and the email, di i take it that oscommerc does not use cookies apart from those needed to complete a service requested by a customer ie to complete an order and send it.

 

If that is the case, it looks as if nothing need to be done. I am not too hot on programming, so dont fully understand what oscommerce does with cookies.

 

We are in the same boat. I also read the document but had trouble making sense of it. From all the comments above I ended up adding the following paragraph to the Privacy page.

On  26 May 2011, the rules about cookies on websites changed. This site  uses cookies. One of the cookies we use is essential for
parts of the  site to operate and has already been set. You may delete and block all  cookies from this site, but parts of the site will not work.
We do not  use 3rd party tracking cookies. For further information look at [url="http://www.allaboutcookies.org/"]allaboutcookies.org[/url]

Edited by GwilliamP

Share this post


Link to post
Share on other sites

Go to the ICO website and see what they have done on their front page. There is a large box at the top of the page explaining about cookies. Its the first time i have seen something like this.


REMEMBER BACKUP, BACKUP AND BACKUP

Before installing the official version of oscommerce first look at a responsive version here

It's very easy to over complicate what are simple things in life

Share this post


Link to post
Share on other sites

To be absolutely pedantic for a minute, a cookie is stored to maintain a session and having it stops the need for URLs to have oscsid=aabbccdd112233 in the URL. If you were to say why not do that, I'd say that it is indeed a security risk. Where a site is misconfigured and they maintain this, past the first page click, those links sometimes get posted on Google and clicking on the link can restart a session. That session is then shared with anyone else who clicks on the link. That means the second customer can go to the account details page and see your address and your past orders.

 

However

The session is only needed to store your cart, a non-default language, a non-default currency, so if a customer is just looking around, comparing prices, seeing what you've got to sell, there's really no need to have that information stored so a session doesn't need to be started. Also, that tends to be what web robots and spiders do - they don't need sessions.

 

The trick then becomes, can we start the session when a "Buy Now" button is pressed.

 

The other aspect is Google Analytics. That surely is not necessary to the customer experience but very useful for store owners.

 

The final piece is $_SERVER variable called $_SERVER['HTTP_DNT'] which is set to 1 in Firefox if the customer has configured "Tell websites I do not want to be tracked". Other browsers don't support it yet, but surely it's only a matter of time.

 

Graith

Share this post


Link to post
Share on other sites

That's an interesting proposition -- to not start a session (by either sessionID or cookie) until it's necessary to pass information between pages. I'm sure that normal session maintenance cookies certainly don't violate the spirit of the law, although who knows if some computer-illiterate bureaucrat or judge would interpret it as violating the letter of the law. If I were in the E.U., I would go ahead and use session cookies, and if someone wanted to prosecute me for it, make a huge public stink about how stupid the law is and the E.U. should simply go out of business!

 

An aside: I wonder how the Dutch feel about limiting cookies? After all, the word descends from a Dutch term for "little cakes" and spread from New Amsterdam (now New York) into American English. I understand that the British still call them "biscuits".


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites

I believe the main issues is if you have Google Analytics on your eCommerce site, as that uses cookies, and they are 3rd party tracking cookies.

On the bright side, in the UK even the Information Commissioner's Office Website does not technically comply with the cookie law, but you have to wonder how likely it is that having cookies (even google analytics cookies) would result in legal action.

 

Personally, i believe it is arguable that even the Google Analytics cookies are essential to the operation of your website, in order to make it function better for the visitors to it.

 

This is of course merely my personal opinion and not legal advice, but for comparison, has any website owner ever been prosecuted under the disability discrimination act?

Share this post


Link to post
Share on other sites

This is a well-intentioned law (forbid the invasion of privacy by tracking cookies) implemented in a brain-dead manner. My non-legal advice would be to

  1. Make sure you don't install any add-ons (e.g., Google Analytics) which do add what could reasonably be called tracking cookies.
  2. If you really want to add tracking cookies (where they're legal), look into disabling that feature for EU users (both IP address geo-location and registered user's countries).
  3. Add some highlighted text to the Terms of Service notifying users that you do use session-maintenance cookies, that are deleted when the browser closes (check if that's true...).

If the authorities come after you, raise a public stink about how government sites (e.g., ICO) use illegal tracking cookies, and how they should be prosecuted first! Maybe you can gain fame as the straw that broke the EU camel's back!


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites

Ok well it is now 25 May and this comes into effect tomorrow - Has anyone managed to come up with anything definitive on this subject for OSC ? especially the use of Google analyitics?

 

Thanks


Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.

Share this post


Link to post
Share on other sites

I have just noticed that the ICO website Privacy notice has a useful looking table here : http://www.ico.gov.uk/Global/privacy_statement.aspx as I, like most people, have little understanding of how OSC & Google / Youtube (for embedded videos) etc use cookies and what their names may be, would it be possible for someone who understands this to produce a similar table for use in our privacy statements?

 

Also, an acceptance box on the home page would not be appropriate - as most visitors enter on a product page via google shopping or a search engine / facebook link.


Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.

Share this post


Link to post
Share on other sites

If you are anywhere within the confines of the EU, you MUST today;

 

1. ensure that you have an adequate privacy policy.

2. list all of the cookies that your site sets, and explain why these are set.

3. Create an opt-out IF your site sets cookies that are non-essential to the running of your site.

3a. If ALL of your cookies are essential, then you should still create some type of interface to allow visitors to view your privacy policy/cookie list before they visit any other page.

 

NOTE:

Analytics is non-essential to the running of ANY site.


This is a signature that appears on all my posts.  
IF YOU MAKE A POST REQUESTING HELP...please state the exact version
of osCommerce that you are using. THANKS

 
Get the latest current code (community-supported responsive 2.3.4.1BS Edge) here

 

Share this post


Link to post
Share on other sites

what about external payment gatewys (e.g. paypal, sagepay) would i need to include saying that they may set cookies (which is out of our control, or should i leave it to there policy

Share this post


Link to post
Share on other sites

@@burt

 

Thanks Gary, but not really that helpful, I already have the privacy policy - but it is the mechanics of the task, ie.:

 

1) How do I know what cookies my site sets and their names?

2) How do I know if they are "Essential" or not?

3) How to I creat an Opt-Out? maybe a button taking visitors to an opted-out page or back to google?

 

As you are UK based and are in the EU then would I be right in assuming that you have already accomplished all of the above on your sites? If so would you care to share the info?

 

Thinking about this - is the OSC Forum EU Based? Does it set cookies?

 

Thanks


Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×